Mercurial > hg > dhcpcd

changeset 5345:f6051f78e441 draft

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Try and guard against impossibly large data.
author Roy Marples <roy@marples.name>
date Wed, 10 Jun 2020 11:16:14 +0100
parents 3df49497d40b
children 3ceefc13699e
files src/dhcpcd.c src/privsep-root.c
diffstat 2 files changed, 7 insertions(+), 3 deletions(-) [+]
line wrap: on
line diff
--- a/src/dhcpcd.c	Wed Jun 10 08:30:28 2020 +0100
+++ b/src/dhcpcd.c	Wed Jun 10 11:16:14 2020 +0100
@@ -1686,6 +1686,10 @@
 			errno = EINVAL;
 		goto err;
 	}
+	if (ctx->ctl_buflen > SSIZE_MAX) {
+		errno = ENOBUFS;
+		goto err;
+	}
 
 	free(ctx->ctl_buf);
 	ctx->ctl_buf = malloc(ctx->ctl_buflen);
--- a/src/privsep-root.c	Wed Jun 10 08:30:28 2020 +0100
+++ b/src/privsep-root.c	Wed Jun 10 11:16:14 2020 +0100
@@ -151,10 +151,10 @@
 		PSR_ERROR(errno);
 	else if ((size_t)len < sizeof(*psr_error))
 		PSR_ERROR(EINVAL);
-	else if (psr_error->psr_datalen > SSIZE_MAX)
+
+	if (psr_error->psr_datalen > SSIZE_MAX)
 		PSR_ERROR(ENOBUFS);
-
-	if (psr_error->psr_datalen != 0) {
+	else if (psr_error->psr_datalen != 0) {
 		psr_ctx->psr_data = malloc(psr_error->psr_datalen);
 		if (psr_ctx->psr_data == NULL)
 			PSR_ERROR(errno);